A shared resource is a purely passive entity used for communication and information sharing between domains. Since all objects within a domain are private to that domain and, therefore, are not shared, the only way for domains to interact with each other is through a shared resource. Domains must be given explicit access (in a well-defined form) to these shared resources in order to communicate.
A single shared resource may contain any number of system object classes (files, pipes, sockets, etc.) that together represent a single conceptual resource. For example, a definition of the shared resource unixStreamSockets would include permissions on the directory containing the sock_files, permissions on the actual sock_files and permissions on the unix_stream_sockets.
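The following SELinux policy module is an added illustration, not output of the tool or code from the original page. It assumes the three permission groups named above map onto the standard `dir`, `sock_file` and `unix_stream_socket` object classes; the module name and all type names (`server_t`, `client_t`, `shared_sock_dir_t`, `shared_sock_file_t`) are hypothetical.

```selinux
module shared_unix_stream_example 1.0;

require {
    class dir { search write add_name remove_name };
    class sock_file { create unlink write };
    class unix_stream_socket { create bind listen accept connect connectto read write };
}

# Hypothetical types: two domains and the objects that make up
# the single conceptual resource "unixStreamSockets".
type server_t;
type client_t;
type shared_sock_dir_t;
type shared_sock_file_t;

# Socket files created by the server in the shared directory
# receive the shared resource's own type, not the directory's.
type_transition server_t shared_sock_dir_t:sock_file shared_sock_file_t;

# 1. Permissions on the directory containing the sock_files.
#    The server adds and removes entries; the client may only traverse.
allow server_t shared_sock_dir_t:dir { search write add_name remove_name };
allow client_t shared_sock_dir_t:dir search;

# 2. Permissions on the sock_files themselves.
#    connect(2) on a path-based socket requires write on the sock_file.
allow server_t shared_sock_file_t:sock_file { create unlink };
allow client_t shared_sock_file_t:sock_file write;

# 3. Permissions on the unix_stream_sockets.
#    Each domain manages its own socket objects; the only cross-domain
#    rule is connectto, granted in one direction (client to server).
allow server_t self:unix_stream_socket { create bind listen accept read write };
allow client_t self:unix_stream_socket { create connect read write };
allow client_t server_t:unix_stream_socket connectto;
```

Omitting any one of the three groups makes the connection fail with an AVC denial, which is why the page treats them as one resource rather than three separate grants.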
Shared resources are represented with circles in the graphical policy as shown in the figure below.
©2005 - 2008 Tresys Technology, LLC
Patent Pending